This is an automated email from the ASF dual-hosted git repository.
chengpan pushed a commit to branch branch-1.10
in repository https://gitbox.apache.org/repos/asf/kyuubi.git
The following commit(s) were added to refs/heads/branch-1.10 by this push:
new 5f11540cf7 [KYUUBI #6921][AUTHZ] Test CTAS for Paimon
5f11540cf7 is described below
commit 5f11540cf7e0186469f9ae23ef5d98f87c01aa7f
Author: davidyuan <[email protected]>
AuthorDate: Wed Feb 19 14:21:06 2025 +0800
[KYUUBI #6921][AUTHZ] Test CTAS for Paimon
### Why are the changes needed?
AUTHZ Test CTAS for Paimon to check it support this command, the related
issue is https://github.com/apache/kyuubi/issues/6921
### How was this patch tested?
Test Authz for paimon with create table as command. Check the permission.
### Was this patch authored or co-authored using generative AI tooling?
No
Closes #6922 from davidyuan1223/support_create_table_as_for_paimon_check.
Closes #6921
7bfd6ad49 [david yuan] Update
extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/PaimonCatalogRangerSparkExtensionSuite.scala
a9ce20cc4 [davidyuan] support create table as for paimon
Lead-authored-by: davidyuan <[email protected]>
Co-authored-by: david yuan <[email protected]>
Signed-off-by: Cheng Pan <[email protected]>
(cherry picked from commit ed96ac167d93ce29a493267ffc81776b9895666b)
Signed-off-by: Cheng Pan <[email protected]>
---
.../PaimonCatalogRangerSparkExtensionSuite.scala | 21 +++++++++++++++++++++
1 file changed, 21 insertions(+)
diff --git
a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/PaimonCatalogRangerSparkExtensionSuite.scala
b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/PaimonCatalogRangerSparkExtensionSuite.scala
index 9cbd534d0f..841520aeb9 100644
---
a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/PaimonCatalogRangerSparkExtensionSuite.scala
+++
b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/PaimonCatalogRangerSparkExtensionSuite.scala
@@ -100,6 +100,27 @@ class PaimonCatalogRangerSparkExtensionSuite extends
RangerSparkExtensionSuite {
}
}
+ test("CTAS") {
+ val table2 = "table2"
+ withCleanTmpResources(Seq(
+ (s"$catalogV2.$namespace1.$table1", "table"),
+ (s"$catalogV2.$namespace1.$table2", "table"))) {
+ val createTable = createTableSql(namespace1, table1)
+ doAs(admin, sql(createTable))
+ val createTableAsSql =
+ s"""
+ |CREATE TABLE IF NOT EXISTS $catalogV2.$namespace1.$table2
+ |USING paimon
+ |AS
+ |SELECT * FROM $catalogV2.$namespace1.$table1
+ |""".stripMargin
+ interceptEndsWith[AccessControlException] {
+ doAs(someone, sql(createTableAsSql))
+ }(s"does not have [select] privilege on [$namespace1/$table1/id]")
+ doAs(admin, sql(createTableAsSql))
+ }
+ }
+
def createTableSql(namespace: String, table: String): String =
s"""
|CREATE TABLE IF NOT EXISTS $catalogV2.$namespace.$table
